jprdonnelly/qmi-cloud-tf-modules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: jprdonnelly:qseastus
Branches Tags
jprdonnelly:master jprdonnelly:dev jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix
..
compare: jprdonnelly:synapse
Branches Tags
jprdonnelly:dev jprdonnelly:master jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix

1 Commits
qseastus ... synapse

Author SHA1 Message Date
Manuel Romero
cb2c299cc2 fixes for synapse 2022-10-24 17:02:21 +02:00
106 changed files with 882 additions and 1512 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

67
adls/main.tf
View File

@@ -1,67 +0,0 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 5
}
resource "azurerm_storage_account" "saccount" {
name = var.storage_account_name != null? var.storage_account_name : "qmiadlsgen2${random_id.randomMachineId.hex}"
resource_group_name = var.resource_group_name
location = var.location
account_kind = "StorageV2"
account_tier = "Standard"
access_tier = "Hot"
account_replication_type = "RAGRS"
is_hns_enabled = "true"
tags = var.tags
}
resource "azurerm_storage_container" "scontainer" {
name = var.container_name != null? var.container_name : "qmicontainer"
storage_account_name = azurerm_storage_account.saccount.name
#container_access_type = "container"
}
resource "azurerm_role_assignment" "data-contributor-role" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-role2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
###### EXTRA ASSIGN ROLE #######
resource "azurerm_role_assignment" "machine_role_assignment" {
count = var.principal_id_storage_blob_contributor != null? 1 : 0
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.principal_id_storage_blob_contributor
}

35
adls/outputs.tf
View File

@@ -1,35 +0,0 @@
output "StorageAccount-Scope" {
value = azurerm_storage_account.saccount.id
}
output "StorageAccount-AccessKey" {
value = nonsensitive(azurerm_storage_account.saccount.primary_access_key)
}
output "StorageAccount-ConnectionString" {
value = nonsensitive(azurerm_storage_account.saccount.primary_connection_string)
}
output "StorageAccount-Name" {
value = azurerm_storage_account.saccount.name
}
output "StorageAccount-ContainerName" {
value = azurerm_storage_container.scontainer.name
}
output "StorageAccount-ContainerId" {
value = azurerm_storage_container.scontainer.id
}
output "Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}

38
adls/variable.tf
View File

@@ -1,38 +0,0 @@
variable "resource_group_name" {
}
variable "location" {
description = "The Azure Region in which the resources in this example should exist"
default = "East US"
}
variable "storage_account_name" {
default = null
}
variable "container_name" {
default = null
}
variable "tags" {
default = null
}
variable "tpm_app_registration_principal_id" {
description = "tpm"
default = "163a72e3-8ce3-4e33-baae-954383f87e3e"
}
variable "dbricks_app_registration_principal_id" {
description = "databricks-qmi"
default = "efeee17c-d2b3-4e7c-a163-9995b7d281e2"
}
variable "dbricks_app_registration_application_id" {
description = "databricks-qmi"
default = "9ccb0d99-3bba-4695-aa47-df77bf512084"
}
variable "principal_id_storage_blob_contributor" {
default = null
}

2
appgateways/appgw-443-only/main.tf
View File

@@ -151,7 +151,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
priority = 1
}
@@ -168,7 +167,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
priority = 2
}
}

2
appgateways/appgw-443-only/output.tf
View File

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
}
output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
}

8
appgateways/appgw-qdc-qs/outputs.tf
View File

@@ -10,14 +10,10 @@ output "appgw_public_ip" {
value = azurerm_public_ip.appgw-ip.ip_address
}
locals {
backend_pools = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool)
}
output "appgw_backend_address_pool_0_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qs-bp")].id
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
}
output "appgw_backend_address_pool_1_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qdc-bp")].id
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).1.id
}

6
appgateways/appgw-qs/logs.tf
View File

@@ -5,9 +5,9 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
log {
category = "ApplicationGatewayAccessLog"
enabled= true
enabled = true
retention_policy {
enabled = true
@@ -15,7 +15,7 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
}
}
enabled_log {
log {
category = "ApplicationGatewayFirewallLog"
enabled = true

15
compose-install/main.tf
View File

@@ -1,9 +1,20 @@
data "azurerm_key_vault_secret" "compose-license" {
name = "compose-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "c4dw" {
name = "compose-datawarehouse-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
locals {
composeLicense = (var.c_version == "c4dw")? nonsensitive(data.azurerm_key_vault_secret.c4dw.value) : nonsensitive(data.azurerm_key_vault_secret.compose-license.value)
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert-password.value)
}
@@ -38,8 +49,8 @@ resource "null_resource" "install" {
inline = [
"powershell.exe -File C:/provision/compose-install/prep-files.ps1",
"powershell.exe -File C:/provision/compose-install/di-compose-getBinary.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url} -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -composeLicense \"${local.composeLicense}\" -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\" -version ${var.c_version}",
]

17
compose-install/scripts/Compose_install.iss
View File

@@ -1,20 +1,25 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
Result=6
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

20
compose-install/scripts/Compose_install_2021.8.0.iss Normal file
View File

@@ -0,0 +1,20 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

21
compose-install/scripts/compose-license.txt
View File

@@ -1,21 +0,0 @@
{
"$type": "ComposeLicense",
"product": "QlikCompose",
"issued_to": "Attunity Americas",
"issued_by": "Attunity US",
"license_type": "EVALUATION",
"serial_no": "85008595",
"expiration_date": "2023-12-31",
"hosts": "",
"product_version": "2022.5",
"notes": "Qlik internal use only ",
"host_role": "",
"source_db_types": "",
"dwh_type": "*",
"dl_type": "*",
"number_of_dms": "0",
"number_of_developers": "0",
"managed_dwh_size": "0",
"issue_time": "12/15/2022 7:06:16 PM",
"signature": "iDk5NujmAcxcI80BSt4JaOEaSj35u0vzoRXvRcYXy4NpWJLFVvCRJ67LfVcA1WuLwHmarnYWYA+RWT0CyqpH1e4n3nZPaJAwBgnU5Z074rIUrHZi+Z5Hmgux2ptNqXJIr7S1JNc6+fBMHuG//hxYppf9Knmk+5cx5rafxNpCYUU="
}

30
compose-install/scripts/di-compose-install.ps1
View File

@@ -9,36 +9,26 @@ Intent: Install the selected version of Attunity Replicate
#>
Param(
[string] $url
[string] $url,
[string] $version = "gen2"
)
Import-Module $PSScriptRoot\q-helper.psm1 | Out-Null
$fileName = $url.Substring($url.LastIndexOf("/") + 1)
Write-Host "--- Starting di-compose-install.ps1"
$bin = "$PSScriptRoot\binaries\Attunity"
Write-Host "Binary Path $($bin)"
Write-Host "Starting di-c4dw-install.ps1"
$issFile = "Compose_install.iss"
if ( $url -Match "2021.2" ) {
$issFile="Compose_install_2021.2.0.iss"
}
if ( $url -Match "Attunity_Compose_for_Data_Warehouses" ) {
$issFile="Compose_install_c4dw.iss"
if ( $version -ne "gen2" ) {
$issFile = "Compose_install_$version.iss"
}
Write-Host "Using ISS file: $issFile"
Write-Host $bin\$fileName
if (Test-Path "$($bin)\Compose_silent_x64_install.log") {
Remove-Item -Path "$($bin)\Compose_silent_x64_install.log" -Force
}
If ((Test-Path $bin\$fileName))
{
Write-Host "Installing Attunity Compose from $($bin)\$($fileName)"
@@ -50,16 +40,16 @@ If ((Test-Path $bin\$fileName))
$exec = Get-ChildItem $bin\$fileNoExtension\*.exe | Select-Object -ExpandProperty Name
#Write-Host "Exec: $($exec)"
$silentInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"
$C4DWInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"
Write-Host "Run Compose silent installation : $($silentInstall)"
Invoke-Expression $silentInstall
Write-Host "Run Compose silent installation : $($C4DWInstall)"
Invoke-Expression $C4DWInstall
while (!(Test-Path "$($bin)\Compose_silent_x64_install.log")) {
Write-Host "[Waiting Compose to be installed] ..."
Start-Sleep 2
}
$resultLogs = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
$testResult = $resultLogs.ResponseResult.ResultCode
$C4DWResults = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
$testResult = $C4DWResults.ResponseResult.ResultCode
Write-Host "Installation return code : $($testResult)"
}

5
compose-install/scripts/di-compose-installQMICertificate.ps1
View File

@@ -6,11 +6,6 @@ Param(
try {
Write-Host "Install qmi_qlik-poc_com certificate on Windows"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
$thumb=$($sslCert.Thumbprint)

16
compose-install/scripts/di-compose-setlicense.ps1
View File

@@ -9,10 +9,14 @@ Intent: Setting the DBs
#>
Param(
[string] $composeLicense,
[string] $version = 'gen2'
)
Write-Host "--- Setting Compose License"
Write-Host "ComposeLicenseJSON"
Write-Host $composeLicense
Set-Content $PSScriptRoot\compose-license.txt $composeLicense
# TODO set license
$bin = "C:\Program Files\Qlik\Compose\bin\"
@@ -22,18 +26,16 @@ if ( $version -eq "c4dw" ) {
$bin = $bin -replace ' ','` '
$cmd = "$($bin)ComposeCli.exe connect"
Write-Host "--- Connect to Compose: $($cmd)"
Write-Host "Connect to Compose: $($cmd)"
$cmd = "$($bin)ComposeCli.exe connect"
Invoke-Expression $cmd
Start-Sleep 5
if ( $version -eq "2022.2.0" -or $version -eq "c4dw") {
# Old way
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
} else {
# New way
if ( $version -eq "2021.8.0" ) {
$cmd = "$($bin)ComposeCli.exe register_license --infile $PSScriptRoot\compose-license.txt"
} else {
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
}
Write-Host "Apply Compose License: $($cmd)"
Invoke-Expression $cmd

BIN
compose-install/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

11
databases/aws-rds/main.tf
View File

@@ -15,15 +15,12 @@ locals {
aurora = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
port = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306"
name = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}"
license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : (var.engine == "postgres") ? "postgresql-license" : (var.engine == "mysql") ? "general-public-license" : "license-included"
port = var.port[var.engine]
engine_version = var.engine_version[var.engine]
major_engine_version = var.major_engine_version[var.engine]
family = var.family[var.engine]
engine_version = (var.engine == "oracle-se2") ? "19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "12.6" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB
major_engine_version = (var.engine == "oracle-se2") ? "19" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5" #mariaDB
family = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"

76
databases/aws-rds/variables.tf
View File

@@ -38,6 +38,21 @@ variable "engine" {
description = "Accepted values are mysql, sqlserver-ex, postgres, oracle-se2, aurora-mysql, aurora-postgresql, mariadb"
}
variable "engine_version" {
default = "8.0.25"
description = "Not currently used"
}
variable "major_eng" {
default = "8.0"
description = "Not currently used"
}
variable "family" {
default = "mysql8.0"
description = "Not currently used"
}
variable "instance_size" {
default = "db.t3.large"
}
@@ -45,64 +60,3 @@ variable "instance_size" {
variable "storage" {
default = "20"
}
variable "engine_version" {
type = map
default = {
"mysql" = "8.0.32"
"postgres" = "13.3"
"oracle-se2" = "19.0.0.0.ru-2023-04.rur-2023-04.r1"
"sqlserver-ex" = "15.00.4236.7.v1"
"mariadb" = "10.5"
"aurora-mysql" = "8.0.mysql_aurora.3.02.3" #"5.7.mysql_aurora.2.11.2"
"aurora-postgresql" = "14.5"
}
}
variable "major_engine_version" {
type = map
default = {
"mysql" = "8.0"
"postgres" = "13"
"oracle-se2" = "19"
"sqlserver-ex" = "15.00"
"mariadb" = "10.5"
# for script compatibility only
"aurora-mysql" = "not_used"
"aurora-postgresql" = "not_used"
}
}
variable "family" {
type = map
default = {
"mysql" = "mysql8.0"
"postgres" = "postgres13"
"oracle-se2" = "oracle-se2-19"
"sqlserver-ex" = "sqlserver-ex-15.0"
"mariadb" = "mariadb10.5"
# for script compatibility only
"aurora-mysql" = "not_used"
"aurora-postgresql" = "not_used"
}
}
variable "port" {
type = map
default = {
"mysql" = "3306"
"postgres" = "5432"
"oracle-se2" = "1521"
"sqlserver-ex" = "1433"
"mariadb" = "3306"
"aurora-mysql" = "3306"
"aurora-postgresql" = "5432"
}
}

107
databases/azure-hdinsight-hadoop/main.tf
View File

@@ -1,107 +0,0 @@
resource "random_password" "password1" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_password" "password2" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 5
}
resource "azurerm_storage_account" "example" {
name = "hdinsightstor${random_id.randomMachineId.hex}"
resource_group_name = var.resource_group_name
location = var.location
account_tier = "Standard"
account_replication_type = "LRS"
tags = var.tags
}
resource "azurerm_storage_container" "example" {
name = "hdinsight"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
scope = azurerm_storage_account.example.id
role_definition_name = "Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
scope = azurerm_storage_account.example.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_hdinsight_hadoop_cluster" "example" {
name = "hdicluster-${var.provision_id}"
resource_group_name = var.resource_group_name
location = var.location
cluster_version = "4.0"
tier = "Standard"
tags = var.tags
component_version {
hadoop = "3.1"
}
gateway {
username = "acctestusrgw"
password = random_password.password1.result
}
storage_account {
storage_container_id = azurerm_storage_container.example.id
storage_account_key = azurerm_storage_account.example.primary_access_key
is_default = true
}
roles {
head_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
}
worker_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
target_instance_count = 2
}
zookeeper_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
}
}
}

59
databases/azure-hdinsight-hadoop/outputs.tf
View File

@@ -1,59 +0,0 @@
output "gateway-creds" {
value = {
username = "acctestusrgw"
password = nonsensitive(random_password.password1.result)
}
}
output "cluster-creds" {
value = {
username = "acctestusrvm"
password = nonsensitive(random_password.password2.result)
}
}
output "https_endpoint" {
value = azurerm_hdinsight_hadoop_cluster.example.https_endpoint
}
output "ssh_endpoint" {
value = azurerm_hdinsight_hadoop_cluster.example.ssh_endpoint
}
output "Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}
output "adls_StorageAccount-Name" {
value = azurerm_storage_account.example.name
}
output "adls_StorageAccount-ContainerName" {
value = azurerm_storage_container.example.name
}
output "adls_StorageAccount-AccessKey" {
value = nonsensitive(azurerm_storage_account.example.primary_access_key)
}
output "adls_Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "adls_Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "adls_Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}

26
databases/azure-hdinsight-hadoop/variables.tf
View File

@@ -1,26 +0,0 @@
variable "resource_group_name" {
type = string
}
variable "provision_id" {
type = string
}
variable "location" {
type = string
default = "EAST US"
}
variable "tags" {
default = null
}
variable "dbricks_app_registration_principal_id" {
description = "databricks-qmi"
default = "efeee17c-d2b3-4e7c-a163-9995b7d281e2"
}
variable "dbricks_app_registration_application_id" {
description = "databricks-qmi"
default = "9ccb0d99-3bba-4695-aa47-df77bf512084"
}

158
databases/dbricks/main.tf
View File

@@ -5,18 +5,65 @@ terraform {
required_providers {
databricks = {
source = "databricks/databricks"
version = ">= 1.13.0"
version = ">= 0.3.0"
}
}
}
locals {
cluster_nameUpper = upper(var.cluster_name)
myRegex = "/[^[:alpha:]]/"
splitLower = split(" ", lower(var.user_id))
np0 = replace(element(local.splitLower,0), local.myRegex, "")
np1 = replace(element(local.splitLower,1), local.myRegex, "")
c_n1 = substr(local.np0, 0, 3)
c_n2 = substr(local.np1, 0, 1)
c_n3 = substr(strrev(local.np1), 0, 1)
cluster_name = var.cluster_name != null? var.cluster_name : "${local.c_n1}${local.c_n2}${local.c_n3}"
}
resource "azurerm_databricks_workspace" "dbricksws" {
count = var.enabled == true? 1 : 0
location = var.location
name = "${local.cluster_name}-qlikdbricks-ws"
resource_group_name = var.resource_group_name
sku = "standard"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_role_assignment" "contributor-dbricks" {
count = var.enabled == true? 1 : 0
scope = azurerm_databricks_workspace.dbricksws[0].id
role_definition_name = "Contributor"
principal_id = var.app_registration_principal_id
}
provider "databricks" {
alias = "mws"
azure_workspace_resource_id = var.enabled == true? azurerm_databricks_workspace.dbricksws[0].id : null
azure_client_id = var.enabled == true? "9b4761fd-4823-4f9d-ab3a-a95af38e7c29" : null
azure_client_secret = var.enabled == true? "FWH7Q~ByC.U5zNh0BaIDdK_poyxoy4SxW8hi1" : null
azure_tenant_id = var.enabled == true? "c21eeb5f-f5a6-44e8-a997-124f2f7a497c" : null
}
/*resource "databricks_workspace_conf" "this" {
count = var.enabled == true? 1 : 0
provider = databricks.mws
custom_config = {
"enableIpAccessLists" : true
}
@@ -24,6 +71,10 @@ locals {
resource "databricks_ip_access_list" "allowed-list" {
count = var.enabled == true? 1 : 0
provider = databricks.mws
label = "allow_in"
list_type = "ALLOW"
ip_addresses = [
@@ -56,101 +107,41 @@ resource "databricks_ip_access_list" "allowed-list" {
}*/
data "databricks_group" "admins" {
display_name = "admins"
}
resource "databricks_user" "aor" {
count = lower(var.user_email) != "aor@qlik.com"? 1 : 0
allow_cluster_create = true
databricks_sql_access = true
user_name = "aor@qlik.com"
display_name = "Manuel Romero"
}
resource "databricks_user" "me" {
provider = databricks.mws
count = var.enabled == true? 1 : 0
allow_cluster_create = true
databricks_sql_access = true
depends_on = [
azurerm_role_assignment.contributor-dbricks
]
user_name = var.user_email
display_name = var.user_id
}
resource "databricks_group_member" "i-am-admin" {
group_id = data.databricks_group.admins.id
member_id = databricks_user.me.id
}
resource "databricks_group_member" "i-am-admin-aor" {
count = lower(var.user_email) != "aor@qlik.com"? 1 : 0
group_id = data.databricks_group.admins.id
member_id = databricks_user.aor[0].id
}
resource "databricks_secret_scope" "scopeapp" {
count = (var.sku == "premium")? 1 : 0
name = "${var.cluster_name}scope"
}
resource "databricks_secret" "publishing_api" {
count = (var.sku == "premium")? 1 : 0
key = "accesskey"
string_value = var.app_reg_secret
scope = databricks_secret_scope.scopeapp[0].name
}
resource "databricks_sql_endpoint" "sqlep" {
count = (var.sku == "premium")? 1 : 0
name = "${local.cluster_nameUpper} SQL warehouse"
cluster_size = var.cluster_size
max_num_clusters = 1
}
resource "databricks_sql_global_config" "this" {
count = (var.sku == "premium")? 1 : 0
security_policy = "DATA_ACCESS_CONTROL"
data_access_config = {
"spark.hadoop.fs.azure.account.auth.type.${var.storage_account_name}.dfs.core.windows.net" : "OAuth",
"spark.hadoop.fs.azure.account.oauth.provider.type.${var.storage_account_name}.dfs.core.windows.net": "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
"spark.hadoop.fs.azure.account.oauth2.client.id.${var.storage_account_name}.dfs.core.windows.net" : var.app_reg_id,
"spark.hadoop.fs.azure.account.oauth2.client.secret.${var.storage_account_name}.dfs.core.windows.net" : "{{secrets/${var.cluster_name}scope/accesskey}}",
"spark.hadoop.fs.azure.account.oauth2.client.endpoint.${var.storage_account_name}.dfs.core.windows.net": "https://login.microsoftonline.com/c21eeb5f-f5a6-44e8-a997-124f2f7a497c/oauth2/token"
}
enable_serverless_compute = false
sql_config_params = {}
}
resource "databricks_token" "pat" {
resource "databricks_token" "pat" {
provider = databricks.mws
count = var.enabled == true? 1 : 0
depends_on = [
databricks_user.me,
databricks_user.aor
azurerm_role_assignment.contributor-dbricks,
databricks_user.me
]
comment = "qmi"
lifetime_seconds = 8640000
}
resource "databricks_cluster" "dbrickscluster" {
count = (var.cluster_name != null)? 1 : 0
provider = databricks.mws
count = (var.enabled == true && var.create_cluster == true)? 1 : 0
depends_on = [
azurerm_role_assignment.contributor-dbricks
]
cluster_name = "cluster-${var.cluster_name}"
cluster_name = "cluster-${local.cluster_name}"
spark_version = var.spark_version
node_type_id = var.node_type_id
@@ -159,12 +150,9 @@ resource "databricks_cluster" "dbrickscluster" {
"spark.databricks.delta.preview.enabled": true,
"spark.databricks.repl.allowedLanguages": "sql,python,r",
"spark.databricks.cluster.profile": "serverless",
"fs.azure.account.key.${var.storage_account_name}.dfs.core.windows.net": var.storage_account_accesskey,
"spark.databricks.delta.properties.defaults.autoOptimize.autoCompact": true,
"spark.databricks.delta.properties.defaults.autoOptimize.optimizeWrite": true
"fs.azure.account.key.${var.storage_account_name}.dfs.core.windows.net": var.storage_account_accesskey
}
spark_env_vars = {
"PYSPARK_PYTHON": "/databricks/python3/bin/python3"
}
@@ -174,5 +162,5 @@ resource "databricks_cluster" "dbrickscluster" {
max_workers = 4
}
autotermination_minutes = 45
autotermination_minutes = 120
}

24
databases/dbricks/outputs.tf
View File

@@ -1,25 +1,11 @@
output "cluster_id" {
value = (var.cluster_name != null)? databricks_cluster.dbrickscluster[0].id : null
output "databricks_workspace_url" {
value = var.enabled? azurerm_databricks_workspace.dbricksws[0].workspace_url : null
}
output "databricks_token" {
value = nonsensitive(databricks_token.pat.token_value)
value = var.enabled? nonsensitive(databricks_token.pat[0].token_value) : null
}
output "cluster_name" {
value = "cluster-${var.cluster_name}"
}
output "sql_endpoint_jdbc_url" {
value = var.sku == "premium"? databricks_sql_endpoint.sqlep[0].jdbc_url : null
}
output "sql_endpoint_data_source_id" {
value = var.sku == "premium"? databricks_sql_endpoint.sqlep[0].data_source_id : null
}
output "sql_endpoint_odbc_params" {
value = var.sku == "premium"? databricks_sql_endpoint.sqlep[0].odbc_params : null
}
value = "cluster-${local.cluster_name}"
}

39
databases/dbricks/varaibles.tf
View File

@@ -1,3 +1,11 @@
variable "location" {
default = "East US"
}
variable "resource_group_name" {
}
variable "cluster_name" {
default = null
}
@@ -14,26 +22,23 @@ variable "user_id" {
variable "user_email" {
}
variable "app_registration_principal_id" {
description = "tpm"
default = "163a72e3-8ce3-4e33-baae-954383f87e3e"
}
variable "enabled" {
default = false
}
variable "create_cluster" {
default = false
}
variable "spark_version" {
default = "10.4.x-scala2.12"
default = "7.3.x-scala2.12"
}
variable "node_type_id" {
default = "Standard_DS3_v2"
}
variable "sku" {
default = "standard"
}
variable "app_reg_id" {
default = null
}
variable "app_reg_secret" {
default = null
}
variable "cluster_size" {
default = "Small"
}

17
databases/firewall_ips/output.tf
View File

@@ -7,9 +7,6 @@ locals {
}
q_routes = {
AMER_FULLVPN1 = ["144.121.57.103", "144.121.57.103"]
AMER_FULLVPN2 = ["50.239.179.6", "50.239.179.6"]
EMEA_FULLVPN = ["193.15.228.246", "193.15.228.246"]
ITG = ["188.65.156.32", "188.65.156.47"]
ITG1 = ["212.73.252.96", "212.73.252.103"]
kfar_saba = ["194.90.96.176", "194.90.96.183"]
@@ -63,10 +60,6 @@ output "ips" {
output "cidr_blocks" {
value = [
# EMEA/AMER FULL VPN TUNNEL
"144.121.57.103/32",
"193.15.228.246/32",
"50.239.179.6/32",
# Azure QMI machines
"52.249.189.38/32",
"13.67.39.86/32",
@@ -105,14 +98,6 @@ output "cidr_blocks" {
"3.24.52.178/32",
"54.169.84.213/32",
"13.213.173.37/32",
"13.213.113.162/32",
# QCS STAGING
"18.233.22.130/32",
"18.205.135.40/32",
"35.169.201.36/32",
"18.155.181.46/32",
"18.155.181.25/32",
"18.155.181.128/32",
"18.155.181.76/32"
"13.213.113.162/32"
]
}

4
databases/synapse-ws/firewall.tf
View File

@@ -1,10 +1,10 @@
resource "azurerm_synapse_firewall_rule" "azureservices" {
/*resource "azurerm_synapse_firewall_rule" "azureservices" {
name = "AllowAllWindowsAzureIps"
synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
// https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_firewall_rule
start_ip_address = "0.0.0.0"
end_ip_address = "0.0.0.0"
}
}*/
resource "azurerm_synapse_firewall_rule" "fw-a-rule1" {

5
databases/synapse-ws/main.tf
View File

@@ -33,7 +33,6 @@ resource "azurerm_synapse_workspace" "synapsews" {
sql_administrator_login = var.sql_administrator_login
sql_administrator_login_password = var.sql_administrator_login_password
managed_virtual_network_enabled = true
identity {
@@ -68,7 +67,7 @@ resource "azurerm_synapse_sql_pool" "db" {
resource "azurerm_synapse_role_assignment" "sqladministrator_aor" {
depends_on = [
azurerm_synapse_firewall_rule.azureservices,
//azurerm_synapse_firewall_rule.azureservices,
azurerm_synapse_firewall_rule.fw-a-rule1,
azurerm_synapse_firewall_rule.fw-a-rule2,
@@ -86,7 +85,7 @@ resource "azurerm_synapse_role_assignment" "sqladministrator" {
count = (var.user_oid != null && var.user_oid != "c583b5aa-2844-4baf-b8bf-b6a1ae0b1520") ? 1 : 0
depends_on = [
azurerm_synapse_firewall_rule.azureservices,
//azurerm_synapse_firewall_rule.azureservices,
azurerm_synapse_firewall_rule.fw-a-rule1,
azurerm_synapse_firewall_rule.fw-a-rule2,

BIN
linux-common/centos/common/NessusAgent-10.2.0-es7.x86_64.rpm Normal file
View File

Binary file not shown.

21
linux-common/centos/common/extract-certs.sh
View File

@@ -1,21 +0,0 @@
#!/bin/bash
BASEDIR=$(dirname "$0")
mkdir -p $BASEDIR/qmicerts
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
PASSWORD=$1
# Extract the private key
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
# Extract the public key
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
# Extract the CA cert chain
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -chain -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
cat $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt >> $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-fullchain.crt
rm -fr $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt
echo $PASSWORD > $BASEDIR/qmicerts/pfx-cert-password.txt

BIN
linux-common/centos/common/falcon-sensor-5.27.0-9104.el8.x86_64.rpm Executable file
View File

Binary file not shown.

BIN
linux-common/centos/common/falcon-sensor-5.29.0-9403.el7.x86_64.rpm Normal file
View File

Binary file not shown.

16
linux-common/centos/common/falcon.sh
View File

@@ -1,22 +1,20 @@
#!/bin/bash
echo "--- Executing: $0 $@"
BASEDIR=$(dirname "$0")
cVer=`rpm -E %{rhel}`
centos_ver=`rpm --eval %{centos_ver}`
binary='falcon-sensor-5.29.0-9403.el7.x86_64.rpm'
if [ $cVer -eq '8' ]; then
if [ $centos_ver -eq '8' ]; then
binary='falcon-sensor-5.27.0-9104.el8.x86_64.rpm'
fi
echo $binary
echo "--- Installing CrowdStrike falcon agent --> $binary"
echo "Installing CrowdStrike falcon agent"
echo "CID=$1"
wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$binary -O $BASEDIR/$binary
if ! rpm -qa | grep -qw falcon-sensor; then
sudo yum -y --quiet install $BASEDIR/$binary
sudo yum install $BASEDIR/$binary -y
fi
sudo /opt/CrowdStrike/falconctl -s -f --cid=$1
sudo systemctl start falcon-sensor

2
linux-common/centos/common/resizedisk.sh
View File

@@ -1,7 +1,5 @@
#!/bin/bash
echo "--- Executing: $0 $@"
echo "Resizing main partition to max available disk"
(
echo u # Change the units to sectors

9
linux-common/centos/common/save-cert.sh
View File

@@ -1,9 +0,0 @@
#!/bin/bash
BASEDIR=$(dirname "$0")
echo $1 > $BASEDIR/qmicerts/myserver.crt
echo $2 > $BASEDIR/qmicerts/myserver.key

15
linux-common/centos/common/tenable.sh
View File

@@ -1,23 +1,14 @@
#!/bin/bash
echo "--- Executing: $0 $@"
BASEDIR=$(dirname "$0")
echo "Installing Tenable Nessus Agent..."
KEY=$1
echo "KEY=$KEY"
cVer=`rpm -E %{rhel}`
sudo yum install $BASEDIR/NessusAgent-10.2.0-es7.x86_64.rpm -y
FILE="NessusAgent-10.2.1-es$cVer.x86_64.rpm"
echo "--- Installing Tenable Nessus Agent --> $FILE"
wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$FILE -O $BASEDIR/$FILE
sudo /bin/yum -y --quiet install $BASEDIR/$FILE -y
echo "--- Linking Tenable Nessus Agent..."
echo "Linking Tenable Nessus Agent..."
sudo /bin/systemctl start nessusagent.service
sudo /opt/nessus_agent/sbin/nessuscli agent link --key=$KEY --groups="Qlik IT Cloud Agents" --host=cloud.tenable.com --port=443

2
linux-common/centos/common/update.sh
View File

@@ -1,2 +0,0 @@
echo 'Updating OS. This will take a around 10 minutes'
yum -y --quiet update

59
linux-common/main.tf
View File

@@ -8,27 +8,14 @@ data "azurerm_key_vault_secret" "tenable-key" {
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert_password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
#data "azurerm_key_vault_certificate_data" "cert-data" {
# name = "star-qmi-qlikpoc-com-cert"
# key_vault_id = var.key_vault_id
#}
locals {
falcon_id = nonsensitive(data.azurerm_key_vault_secret.cid.value)
tenable_key = nonsensitive(data.azurerm_key_vault_secret.tenable-key.value)
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert_password.value)
#cert_pem = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.pem)
#cert_key = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.key)
}
}
resource "null_resource" "files" {
provisioner "file" {
resource "null_resource" "post-linux-vm" {
provisioner "file" {
connection {
type = "ssh"
host = var.private_ip_address
@@ -40,13 +27,6 @@ resource "null_resource" "files" {
source = "${path.module}/${var.os_type}/common"
destination = "/home/${var.admin_username}"
}
}
resource "null_resource" "post-linux-vm" {
depends_on = [
null_resource.files
]
provisioner "remote-exec" {
connection {
@@ -63,35 +43,6 @@ resource "null_resource" "post-linux-vm" {
"sudo /home/${var.admin_username}/common/falcon.sh '${local.falcon_id}'",
"sudo /home/${var.admin_username}/common/resizedisk.sh",
"sudo /home/${var.admin_username}/common/tenable.sh '${local.tenable_key}'",
"sudo /home/${var.admin_username}/common/extract-certs.sh '${local.cert_password}'",
#"sudo /home/${var.admin_username}/common/save-cert.sh '${local.cert_pem}' '${local.cert_key}'",
]
}
}
resource "null_resource" "update" {
count = var.update? 1 : 0
depends_on = [
null_resource.files,
null_resource.post-linux-vm
]
provisioner "remote-exec" {
connection {
type = "ssh"
host = var.private_ip_address
user = var.admin_username
password = var.admin_password
timeout = "60s"
#private_key = "${file("~/.ssh/id_rsa")}"
}
inline = [
"echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
"sudo /home/${var.admin_username}/common/update.sh",
]
}
}
}

BIN
linux-common/ubuntu/common/NessusAgent-10.2.0-ubuntu1110_amd64.deb Normal file
View File

Binary file not shown.

21
linux-common/ubuntu/common/extract-certs.sh
View File

@@ -1,21 +0,0 @@
#!/bin/bash
BASEDIR=$(dirname "$0")
mkdir -p $BASEDIR/qmicerts
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
PASSWORD=$1
# Extract the private key
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
# Extract the public key
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
# Extract the CA cert chain
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -chain -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
cat $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt >> $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-fullchain.crt
rm -fr $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt
echo $PASSWORD > $BASEDIR/qmicerts/pfx-cert-password.txt

BIN
linux-common/ubuntu/common/falcon-sensor_5.17.0-8103_amd64.deb Normal file
View File

Binary file not shown.

14
linux-common/ubuntu/common/falcon.sh
View File

@@ -1,21 +1,11 @@
#!/bin/bash
echo "--- Executing: $0 $@"
BASEDIR=$(dirname "$0")
binary="falcon-sensor_5.17.0-8103_amd64.deb"
echo "--- Installing CrowdStrike falcon agent --> $binary"
echo "Installing CrowdStrike falcon agent"
echo "CID=$1"
#sudo apt -qq -y update
sudo apt install libnl-3-200 libnl-genl-3-200 -qq -y
wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$binary -O $BASEDIR/$binary
if ! dpkg -l | grep -qw falcon-sensor; then
sudo dpkg -i $BASEDIR/$binary
sudo dpkg -i $BASEDIR/falcon-sensor_5.17.0-8103_amd64.deb
fi
sudo /opt/CrowdStrike/falconctl -s -f --cid=$1

2
linux-common/ubuntu/common/resizedisk.sh
View File

@@ -1,7 +1,5 @@
#!/bin/bash
echo "--- Executing: $0 $@"
echo "Resizing main partition to max available disk"
(
echo p # List the partitions details

13
linux-common/ubuntu/common/tenable.sh
View File

@@ -1,21 +1,14 @@
#!/bin/bash
echo "--- Executing: $0 $@"
BASEDIR=$(dirname "$0")
echo "Installing Tenable Nessus Agent..."
KEY=$1
echo "KEY=$KEY"
FILE="NessusAgent-10.2.1-ubuntu1404_amd64.deb"
sudo dpkg -i $BASEDIR/NessusAgent-10.2.0-ubuntu1110_amd64.deb
echo "--- Installing Tenable Nessus Agent --> $FILE"
wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$FILE -O $BASEDIR/$FILE
sudo dpkg -i $BASEDIR/$FILE
echo "--- Linking Tenable Nessus Agent..."
echo "Linking Tenable Nessus Agent..."
sudo /bin/systemctl start nessusagent.service
sudo /opt/nessus_agent/sbin/nessuscli agent link --key=$KEY --groups="Qlik IT Cloud Agents" --host=cloud.tenable.com --port=443

3
linux-common/ubuntu/common/update.sh
View File

@@ -1,3 +0,0 @@
echo 'Updating OS. This will take a around 10 minutes'
apt -qq -y update
apt --fix-broken -qq -y upgrade

7
linux-common/variables.tf
View File

@@ -8,16 +8,9 @@ variable "admin_password" {
}
variable "os_type" {
description = "Either 'centos' or 'ubuntu'"
default = "centos"
}
variable "key_vault_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
}
variable "update" {
type = bool
default = true
}

5
qmi-nic/mainf.tf
View File

@@ -71,7 +71,7 @@
address_prefix = "10.0.2.0/24"
}*/
/*resource "azurerm_public_ip" "publicip" {
resource "azurerm_public_ip" "publicip" {
count = var.isExternal? 1 : 0
@@ -80,7 +80,7 @@
location = var.location
allocation_method = "Dynamic"
domain_name_label = lower(var.prefix)
}*/
}
resource "azurerm_network_interface" "nic" {
name = "${var.prefix}-nic"
@@ -92,6 +92,7 @@ resource "azurerm_network_interface" "nic" {
name = "${var.prefix}-ip-cfg"
subnet_id = var.subnet_id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = var.isExternal? azurerm_public_ip.publicip[0].id : null
}
tags = {

8
qmi-nic/outputs.tf
View File

@@ -8,4 +8,12 @@ output "private_ip_address" {
output "ip_configuration_name" {
value = "${var.prefix}-ip-cfg"
}
output "public_ip_address" {
value = var.isExternal? azurerm_public_ip.publicip[0].ip_address : null
}
output "fqdn" {
value = var.isExternal? azurerm_public_ip.publicip[0].fqdn : null
}

BIN
qmicerts/wildcard_qmi_qlik-poc_com.pfx
View File

Binary file not shown.

2
replicate-install/main.tf
View File

@@ -62,7 +62,7 @@ resource "null_resource" "install" {
inline = [
"powershell.exe -File C:/provision/replicate-install/di-replicate-getBinary.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/replicate-install/di-replicate-install.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/replicate-install/di-replicate-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\" -url ${var.download_url}",
"powershell.exe -File C:/provision/replicate-install/di-replicate-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\"",
"powershell.exe -File C:/provision/replicate-install/di-em-register-replicate.ps1 -user ${var.vm_admin_username} -pass ${var.vm_admin_password} -domain ${local.domain}",
]

32
replicate-install/scripts/Replicate_install_2022.iss
View File

@@ -1,32 +0,0 @@
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-DlgOrder]
Dlg0={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0
Count=8
Dlg1={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicenseAgreement-0
Dlg2={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-1
Dlg3={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0
Dlg4={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1
Dlg5={9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0
Dlg6={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0
Dlg7={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0]
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicenseAgreement-0]
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-1]
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0]
szDir=C:\Program Files\Attunity\Replicate\
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1]
szDir=C:\Program Files\Attunity\Replicate\data
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0]
Result=1
Sel-0=1
Sel-1=0
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0]
Result=1
[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

2
replicate-install/scripts/di-em-register-replicate.ps1
View File

@@ -38,4 +38,4 @@ Write-Host "--- Registering Replicate server in Enterprise Manager with name '$r
Invoke-RestMethod -Uri "https://di.qmi.qlik-poc.com/attunityenterprisemanager/api/v1/servers/$replsrvName/def" -Method "PUT" -Headers $Headers2 -Body $body_json
Write-Host "--- Setting Replicate server license through EM API"
Invoke-WebRequest -UseBasicParsing -Uri "https://di.qmi.qlik-poc.com/attunityenterprisemanager/api/v1/servers/$replsrvName/license/def" -Method "PUT" -Infile "$PSScriptRoot\replicate_license.txt" -Headers $Headers2
Invoke-WebRequest -UseBasicParsing -Uri "https://di.qmi.qlik-poc.com/attunityenterprisemanager/api/v1/servers/$replsrvName/license/def" -Method "PUT" -Infile "$PSScriptRoot\replicate_license_exp2022-12-31_ser60026541.txt" -Headers $Headers2

15
replicate-install/scripts/di-replicate-install.ps1
View File

@@ -18,27 +18,12 @@ if ( $url -Match "2021" ) {
$issFile="Replicate_install_2021.iss"
}
if ( $url -Match "2022" ) {
$issFile="Replicate_install_2022.iss"
}
Import-Module $PSScriptRoot\q-helper.psm1 | Out-Null
$fileName = $url.Substring($url.LastIndexOf("/") + 1)
$bin = "$PSScriptRoot\binaries\Attunity"
if (Test-Path "$($bin)\Replicate_silent_x64_install.log") {
Remove-Item -Path "$($bin)\Replicate_silent_x64_install.log" -Force
}
if (Test-Path "C:\Program Files\Attunity\Replicate") {
Remove-Item -Path "C:\Program Files\Attunity\Replicate" -Recurse -Force
}
Write-Host "Using ISS file: $issFile"
If ((Test-Path $bin\$fileName))
{
Write-Host "Installing Attunity Replicate Server from $($bin)\$($fileName)"

23
replicate-install/scripts/di-replicate-installQMICertificate.ps1
View File

@@ -1,17 +1,11 @@
Param(
[string] $CertPwd,
[string] $url
[string] $CertPwd
)
try {
Write-Host "Install qmi_qlik-poc_com certificate on Windows"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
$thumb=$($sslCert.Thumbprint)
@@ -19,25 +13,16 @@ try {
Start-Sleep 20
Write-Host "Set SSL qmi_qlik-poc_com for Replicate"
Stop-Service AttunityReplicateConsole
if ( $url -Match "2022.11" ) {
Stop-Service QlikReplicateServer
} else {
Stop-Service AttunityReplicateServer
}
Stop-Service AttunityReplicateServer
Start-Process -FilePath "C:\Program Files\Attunity\Replicate\bin\RepUiCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service AttunityReplicateConsole
if ( $url -Match "2022.11" ) {
Start-Service QlikReplicateServer
} else {
Start-Service AttunityReplicateServer
}
Start-Service AttunityReplicateServer
Start-Sleep 10
Write-Host "Replicate services restarted!"

18
replicate-install/scripts/license_exp2021-09-30_ser60020486.txt Normal file
View File

@@ -0,0 +1,18 @@
#
# Attunity License
# Generated on 30-Sep-2020 20:41:19.3216+03:00
# License Comment: Qlik Internal use only
#
license_type=TERM_LICENSE
licensed_to=Qlik Tech
licensed_by=Attunity US
serial_no=60020486
expiration_date=2021-09-30
hosts=
source_types=
target_types=
features=
version=6.6
issue_date=2020-09-30
checksum=3H2K3-9KQ42-J2938-EF235

18
replicate-install/scripts/license_exp2021-12-31_ser60021240.txt Normal file
View File

@@ -0,0 +1,18 @@
#
# Attunity License
# Generated on 30-Nov-2020 19:36:15.5200+02:00
# License Comment:
#
license_type=EVALUATION_LICENSE
licensed_to=ADA Demo License 2021
licensed_by=Attunity US
serial_no=60021240
expiration_date=2021-12-31
hosts=
source_types=
target_types=
features=
version=7.0
issue_date=2020-11-30
checksum=5ERRJ-EQ395-79QQ8-C92F2

17
replicate-install/scripts/replicate_license.txt
View File

@@ -1,17 +0,0 @@
#
# Qlik License
# Generated on 15-Dec-2022 19:01:15.1383+02:00
# License Comment: Qlik internal use only
#
license_type=EVALUATION_LICENSE
licensed_to=Attunity Americas
licensed_by=Attunity US
serial_no=60031826
expiration_date=2023-12-31
hosts=
source_types=
target_types=
features=
version=2022.11
issue_date=2022-12-15
checksum=F4CK8-H36JR-8H58Q-833KH

18
replicate-install/scripts/replicate_license_exp2022-12-31_ser60026541.txt Normal file
View File

@@ -0,0 +1,18 @@
#
# Qlik License
# Generated on 07-Dec-2021 18:01:15.5540+02:00
# License Comment: For internal Qlik use only
#
license_type=EVALUATION_LICENSE
licensed_to=Attunity Americas
licensed_by=Attunity US
serial_no=60026541
expiration_date=2022-12-31
hosts=
source_types=
target_types=
features=
version=2021.11
issue_date=2021-12-07
checksum=5Q9FQ-27467-KRC52-77598

BIN
replicate-install/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

2
replicate-install/variables.tf
View File

@@ -11,6 +11,8 @@ variable "vm_admin_password" {
}
variable "download_url" {
//default = "https://da3hntz84uekx.cloudfront.net/QlikReplicate/2021.5/3/_MSI/AttunityReplicate_2021.5.0.924_X64.zip"
default = "https://github.com/qlik-download/replicate/releases/download/v2021.11.1/QlikReplicate_2021.11.0.165_X64.zip"
}
variable "key_vault_id" {

229
s3-bucket-sftp-public/main.tf
View File

@@ -1,229 +0,0 @@
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = "= 3.74.1"
}
}
}
locals {
tags = {
Deployment = "QMI"
"Cost Center" = "3100"
QMI_user = var.user_id
ProvID = var.provision_id
Name = "sftp-${var.provision_id}"
}
}
resource "tls_private_key" "sftp-key" {
algorithm = "RSA"
rsa_bits = 4096
}
resource "aws_key_pair" "generated_key" {
key_name = "key-${var.provision_id}"
public_key = tls_private_key.sftp-key.public_key_openssh
tags = local.tags
}
## Public_secret
resource "aws_secretsmanager_secret" "public_key" {
name = "pub-${var.provision_id}"
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "public_key" {
secret_id = aws_secretsmanager_secret.public_key.id
secret_string = aws_key_pair.generated_key.public_key
}
## Private Secret
resource "aws_secretsmanager_secret" "private_key" {
name = "priv-${var.provision_id}"
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "private_key" {
secret_id = aws_secretsmanager_secret.private_key.id
secret_string = nonsensitive(tls_private_key.sftp-key.private_key_pem)
}
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "~> 2.1.0"
bucket = "sftp-${var.provision_id}"
acl = "private"
versioning = {
enabled = false
}
force_destroy = true
tags = local.tags
}
###
resource "aws_s3_bucket_public_access_block" "sftp-block" {
bucket = module.s3_bucket.s3_bucket_id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
###
resource "aws_iam_role" "logging" {
name = "${var.provision_id}-transfer-logging"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "logging" {
name = "${var.provision_id}-transfer-logging"
role = aws_iam_role.logging.id
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
POLICY
}
resource "aws_transfer_server" "public" {
endpoint_type = var.sftp_type
protocols = var.protocols
identity_provider_type = var.identity_provider_type
url = var.api_gw_url
invocation_role = var.invocation_role
logging_role = aws_iam_role.logging.arn
force_destroy = var.force_destroy
security_policy_name = var.security_policy_name
tags = local.tags
}
resource "aws_iam_role" "user" {
for_each = var.sftp_users
name = "${var.provision_id}-sftp-user-${each.key}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "user" {
for_each = var.sftp_users
name = "${var.provision_id}-sftp-user-${each.key}"
role = aws_iam_role.user[each.key].id
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id])}"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": "${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id, "/", each.value, "/*"])}"
}
]
}
POLICY
}
resource "aws_transfer_user" "this" {
for_each = var.sftp_users
server_id = aws_transfer_server.public.id
user_name = each.key
home_directory = "/${module.s3_bucket.s3_bucket_id}/${each.value}"
role = aws_iam_role.user[each.key].arn
tags = local.tags
}
resource "aws_transfer_ssh_key" "this" {
for_each = { "sftpusr" = aws_secretsmanager_secret_version.public_key.secret_string }
server_id = aws_transfer_server.public.id
user_name = each.key
body = each.value
depends_on = [aws_transfer_user.this]
}

20
s3-bucket-sftp-public/outputs.tf
View File

@@ -1,20 +0,0 @@
output "id" {
value = aws_transfer_server.public.id
description = "ID of transfer server"
}
output "endpoint" {
value = aws_transfer_server.public.endpoint
description = "Endpoint of transfer server"
}
output "username" {
value = "sftpusr"
}
output "sftp-private" {
value = nonsensitive(aws_secretsmanager_secret_version.private_key.secret_string)
}

56
s3-bucket-sftp-public/variables.tf
View File

@@ -1,56 +0,0 @@
variable "region" {
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}
variable "sftp_type" {
type = string
default = "PUBLIC"
description = "Type of SFTP server. **Valid values:** `PUBLIC`, `VPC` or `VPC_ENDPOINT`"
}
variable "protocols" {
type = list(string)
default = ["SFTP"]
description = "List of file transfer protocol(s) over which your FTP client can connect to your server endpoint. **Possible Values:** FTP, FTPS and SFTP"
}
variable "identity_provider_type" {
type = string
default = "SERVICE_MANAGED"
description = "Mode of authentication to use for accessing the service. **Valid Values:** `SERVICE_MANAGED`, `API_GATEWAY`, `AWS_DIRECTORY_SERVICE` or `AWS_LAMBDA`"
}
variable "api_gw_url" {
type = string
default = null
description = "URL of the service endpoint to authenticate users when `identity_provider_type` is of type `API_GATEWAY`"
}
variable "invocation_role" {
type = string
default = null
description = "ARN of the IAM role to authenticate the user when `identity_provider_type` is set to `API_GATEWAY`"
}
variable "force_destroy" {
type = bool
default = true
description = "Whether to delete all the users associated with server so that server can be deleted successfully. **Note:** Supported only if `identity_provider_type` is set to `SERVICE_MANAGED`"
}
variable "security_policy_name" {
type = string
default = "TransferSecurityPolicy-2020-06"
description = "Specifies the name of the [security policy](https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html) to associate with the server"
}
variable "sftp_users" {
type = map(string)
default = { sftpusr = "sftpusr" }
}

5
s3-bucket/main.tf
View File

@@ -47,11 +47,6 @@ module "s3_bucket" {
force_destroy = true
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
tags = {
Deployment = "QMI"
"Cost Center" = "3100"

4
vm-centos/main.tf
View File

@@ -57,8 +57,8 @@ resource "azurerm_linux_virtual_machine" "vm" {
}
source_image_reference {
publisher = var.publisher
offer = var.offer
publisher = "OpenLogic"
offer = "CentOS"
sku = var.sku
version = "latest"
}

8
vm-centos/outputs.tf
View File

@@ -24,4 +24,12 @@ output "nic_private_ip_address" {
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}
output "nic_fqdn" {
value = var.isExternal? module.qmi-nic.fqdn : null
}
output "nic_public_ip_address" {
value = var.isExternal? module.qmi-nic.public_ip_address : null
}

8
vm-centos/variables.tf
View File

@@ -35,14 +35,6 @@ variable "sku" {
default = "7.5"
}
variable "publisher" {
default = "OpenLogic"
}
variable "offer" {
default = "CentOS"
}
variable "user_id" {
default = null
}

4
vm-fromsnapshot-linux/main.tf
View File

@@ -96,10 +96,6 @@ resource "azurerm_virtual_machine" "vm" {
disable_password_authentication = false
}
identity {
type = "SystemAssigned"
}
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"

4
vm-fromsnapshot-linux/outputs.tf
View File

@@ -24,8 +24,4 @@ output "nic_private_ip_address" {
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}
output "principal_id" {
value = azurerm_virtual_machine.vm.identity.0.principal_id
}

86
vm-oraclelinux/main.tf Normal file
View File

@@ -0,0 +1,86 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 3
}
resource "random_password" "password" {
length = 16
special = false
override_special = "_"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 0
min_numeric = 2
}
locals {
virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [module.qmi-nic.id]
vm_size = var.vm_type
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
storage_image_reference {
# this is the Oracle linux image I found.
# az vm image list --all --publisher Oracle -o table
publisher = "Oracle"
offer = "Oracle-Linux"
sku = "77"
version = "latest"
}
storage_os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
os_profile_linux_config {
disable_password_authentication = false
}
os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
admin_password = local.admin_password
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}

27
vm-oraclelinux/outputs.tf Normal file
View File

@@ -0,0 +1,27 @@
output "virtual_machine_id" {
value = azurerm_virtual_machine.vm.id
}
output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}"
}
output "admin_username" {
value = var.admin_username
}
output "admin_password" {
value = random_password.password.result
}
output "nic_id" {
value = module.qmi-nic.id
}
output "nic_private_ip_address" {
value = module.qmi-nic.private_ip_address
}
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}

56
vm-oraclelinux/variables.tf Normal file
View File

@@ -0,0 +1,56 @@
variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
}
variable "prefix" {
description = "The Prefix used for all resources in this example"
default = "QMI-ORACLELINUX"
}
variable "location" {
default = "East US"
}
variable "resource_group_name" {
}
variable "vm_type" {
default = "Standard_DS3_v2"
}
variable "managed_disk_type" {
default = "Premium_LRS"
}
variable "disk_size_gb" {
default = "128"
}
variable "admin_username" {
default = "qmi"
}
variable "user_id" {
default = null
}
variable "provId" {
default = null
}
variable "is_24x7"{
type = bool
default = null
}
variable "shutdownTime"{
default = null
}
variable "startupTime"{
default = null
}
# variable "subnet_id" {
# default = "/subscriptions/1f3d4c1d-6509-4c52-8dee-c15fb83f2920/resourceGroups/lkn-rg/providers/Microsoft.Network/virtualNetworks/lkn-vn/subnets/default"
# }

70
vm-oraclelinux81/main.tf
View File

@@ -37,37 +37,43 @@ module "qmi-nic" {
}
resource "azurerm_linux_virtual_machine" "vm" {
name = local.virtual_machine_name
resource_group_name = var.resource_group_name
location = var.location
size = var.vm_type
admin_username = local.admin_username
admin_password = local.admin_password
disable_password_authentication = false
network_interface_ids = [
module.qmi-nic.id,
]
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [module.qmi-nic.id]
vm_size = var.vm_type
os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
storage_account_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
identity {
type = "SystemAssigned"
}
source_image_reference {
storage_image_reference {
# this is the Oracle linux image I found.
# az vm image list --all --publisher Oracle -o table
publisher = "Oracle"
offer = "Oracle-Linux"
sku = "81"
version = "latest"
}
storage_os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
os_profile_linux_config {
disable_password_authentication = false
}
os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
admin_password = local.admin_password
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
@@ -77,20 +83,4 @@ resource "azurerm_linux_virtual_machine" "vm" {
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}
module "linux-common" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//linux-common"
depends_on = [
azurerm_linux_virtual_machine.vm
]
os_type = "centos"
private_ip_address = module.qmi-nic.private_ip_address
admin_username = local.admin_username
admin_password = local.admin_password
}
}

6
vm-oraclelinux81/outputs.tf
View File

@@ -1,5 +1,5 @@
output "virtual_machine_id" {
value = azurerm_linux_virtual_machine.vm.id
value = azurerm_virtual_machine.vm.id
}
output "virtual_machine_name" {
@@ -24,8 +24,4 @@ output "nic_private_ip_address" {
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}
output "principal_id" {
value = azurerm_linux_virtual_machine.vm.identity.0.principal_id
}

1
vm-qdc/main.tf
View File

@@ -123,6 +123,5 @@ module "linux-common" {
private_ip_address = module.qmi-nic.private_ip_address
admin_username = local.admin_username
admin_password = local.admin_password
update = false
}

8
vm-qdc/outputs.tf
View File

@@ -38,4 +38,12 @@ output "mysql_demo_password" {
value = "Qlik1234!"
}
output "nic_fqdn" {
value = var.isExternal? module.qmi-nic.fqdn : null
}
output "nic_public_ip_address" {
value = var.isExternal? module.qmi-nic.public_ip_address : null
}

1
vm-qdc/scripts/feb2022/1-qdc-nextgen-xml.sh
View File

@@ -13,7 +13,6 @@ if [[ $2 == *"4.9.0"* ]]; then
sudo cp /home/qmi/scripts/feb2022/tomcat.service /etc/systemd/system/
fi
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
if [[ $2 == *"4.13.0"* ]]; then

3
vm-qdc/scripts/feb2022/2-core_env_setup.sh
View File

@@ -7,9 +7,6 @@ TOMCAT_HOME=$BASE/$TOMCAT
BASEDIR=$(dirname "$0")
echo "Replacing server.xml for Tomcat - Stopping Tomcat"
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
sudo systemctl stop tomcat.service
mv $TOMCAT_HOME/conf/server.xml $TOMCAT_HOME/conf/server.xml_backup

2
vm-qdc/scripts/feb2022/nextgen-xml_server.xml
View File

@@ -99,7 +99,7 @@
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/qdc/wildcard_qmi_qlik-poc_com.pfx"
keystoreType="PKCS12"
keystorePass="8@afBR2AwKMb@4Rj" />
keystorePass="QJ]5M$>m,X)t=_:BNNt:mwFks7NqocSMbR@/zA" />
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

BIN
vm-qdc/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

5
vm-qs-alerting/scripts/qs-post-cfg.ps1
View File

@@ -117,11 +117,6 @@ While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials
### Install qlik-poc_com certificate
Write-Log -Message "Install 'qmi.qlik-poc.com' certificate, set thumbsprint and whitelist domain in QS central virtual proxy"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "C:\provision\wildcard_qmi_qlik-poc_com.pfx")
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd

BIN
vm-qs-alerting/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

173
vm-qs/main.tf
View File

@@ -13,8 +13,6 @@ resource "random_password" "password" {
override_special = "_!@"
upper = true
lower = true
numeric = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
@@ -26,8 +24,6 @@ resource "random_password" "qlikpassword" {
override_special = "_!@"
upper = true
lower = true
numeric = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
@@ -90,6 +86,57 @@ resource "azurerm_windows_virtual_machine" "vm" {
source_image_id = var.image_reference
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "3m"
}
source = "${path.module}/main"
destination = "C:/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/prep-files.ps1",
"powershell.exe -File C:/provision/bootstrap-qs.ps1 -ModuleName vm-qs",
"powershell.exe -File C:/provision/gen-jwt.ps1"
]
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -Serial ${local.serial} -Control ${local.control} -CertPwd \"${local.cert_password}\" -QlikUserPwd ${local.qlikpassword}",
"powershell.exe -File C:/provision/webconnectors/q-WebConnectors.ps1",
]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
@@ -101,101 +148,43 @@ resource "azurerm_windows_virtual_machine" "vm" {
}
}
/*resource "azurerm_virtual_machine_extension" "prepfiles" {
depends_on = [
azurerm_windows_virtual_machine.vm
]
name = "vm-extension-prepfiles"
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
auto_upgrade_minor_version = true
settings = <<SETTINGS
{
"fileUris": [
"https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/vm-qs/main/prep-files.ps1"
],
"commandToExecute": "start powershell.exe -NoProfile -ExecutionPolicy unrestricted -File prep-files.ps1"
}
SETTINGS
}*/
resource "null_resource" "vm-qs-post" {
depends_on = [
azurerm_windows_virtual_machine.vm
]
/*provisioner "local-exec" {
command = "echo 'Waiting 20 seconds for PrepFiles to finish'; sleep 20;"
}*/
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell -NoProfile -File C:\\Temp\\prep-files.ps1 -scenario vm-qs",
"powershell -NoProfile -File C:\\provision\\bootstrap-qs.ps1 -ModuleName vm-qs",
"powershell -NoProfile -File C:\\provision\\qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -Serial ${local.serial} -Control ${local.control} -CertPwd \"${local.cert_password}\" -QlikUserPwd ${local.qlikpassword}",
"powershell -NoProfile -File C:\\provision\\q-WebConnectors.ps1",
]
}
}
resource "null_resource" "vm-is-qdc" {
count = var.isWithQDC? 1 : 0
depends_on = [
azurerm_windows_virtual_machine.vm,
null_resource.vm-qs-post
]
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
source = "${path.module}/scripts-qdc"
destination = "C:/provision/qdc"
}
}
module "win-common" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//win-common"
depends_on = [
azurerm_windows_virtual_machine.vm,
null_resource.vm-qs-post,
null_resource.vm-is-qdc
azurerm_windows_virtual_machine.vm
]
private_ip_address = module.qmi-nic.private_ip_address
admin_username = local.admin_username
admin_password = local.admin_password
}
}
/*
resource "null_resource" "post-win-common" {
depends_on = [
module.win-common
]
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
insecure = true
use_ntlm = false
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/win-common/sharepoint-pnp/install.ps1",
"powershell.exe -File C:/provision/win-common/onedrive-install.ps1",
]
}
}
*/

8
vm-qs/outputs.tf
View File

@@ -26,6 +26,14 @@ output "nic_private_ip_address" {
value = module.qmi-nic.private_ip_address
}
output "nic_fqdn" {
value = var.isExternal? module.qmi-nic.fqdn : null
}
output "nic_public_ip_address" {
value = var.isExternal? module.qmi-nic.public_ip_address : null
}
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}

51
vm-qs/scripts/bootstrap-qs.ps1
View File

@@ -9,13 +9,11 @@ function New-Credential($u,$p) {
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log "--- Current logged-on user: $env:USERNAME"
New-NetFirewallRule -DisplayName "Qlik Sense More" -Direction Inbound -LocalPort 4244,4242, 4432, 4444, 5355, 5353, 80, 4248, 3090, 4000, 5555, 5556, 4993, 4994 -Protocol TCP -Action Allow -ea Stop | Out-Null
Write-Log "Current logged-on user: $env:USERNAME"
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
#Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
Set-Service -Name "QlikSenseEngineService" -StartupType Automatic
@@ -24,12 +22,17 @@ Set-Service -Name "QlikSenseSchedulerService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryDatabase" -StartupType Automatic
Write-Log "===== Bootstrap Qlik Sense ====="
Write-Log "Bootstrap Qlik Sense..."
Write-Log "Starting only QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher services ..."
Stop-Service QlikSenseRepositoryService
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
#Delete certificates
#Write-Log "Deleting old certificates files..."
#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
Write-Log "--- Deleting old certificates from keyStore..."
Write-Log "Deleting old certificates from keyStore..."
$Certs = Get-ChildItem cert:"CurrentUser\My"
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\My"
@@ -37,51 +40,44 @@ $Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
Write-Log "--- Starting only QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher services ..."
Stop-Service QlikSenseRepositoryService
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
Write-Log "--- Setting new hostname ($($env:computername)) in to Host.cfg file..."
Write-Log "Setting new hostname ($($env:computername)) in to Host.cfg file..."
$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
Write-Log "--- Executing ... Repository.exe -bootstrap -standalone -restorehostname"
Write-Log "Executing ... Repository.exe -bootstrap -standalone -restorehostname"
$waiting=20
if ( $env:USERNAME -eq "qservice" ) {
$waiting=50
Write-Log "--- The user executing this script is already 'qservice'"
Write-Log "The user executing this script is already 'qservice'"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
} else {
Write-Log "--- The user executing this script is NOT 'qservice'"
Write-Log "The user executing this script is NOT 'qservice'"
$cred = New-Credential "qservice" "Qlik1234"
Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
}
Start-Sleep -s $waiting
Write-Log "--- Restarting Service Dispatcher"
Write-Log "Restarting Service Dispatcher"
Restart-Service QlikSenseServiceDispatcher -Force
Start-Sleep -s 30
Start-Sleep -s 20
Write-Log "Restarting all Qlik Sense services"
#Restart-Service QlikSenseServiceDispatcher -Force
#Restart-Service QlikLoggingService -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseRepositoryService -Force
Start-Sleep -s 10
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSenseSchedulerService -Force
Restart-Service QlikSensePrintingService -Force
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
#### Recreate QS desktop shortcuts
Write-Log "--- Recreating Qlik Sense desktop shortcuts..."
Write-Log "Recreating Qlik Sense desktop shortcuts..."
$sourcepath="C:\Users\Public\Desktop\Qlik Management Console.lnk"
$destination="C:\Users\Public\Desktop\Qlik Management Console2.lnk"
Copy-Item $sourcepath $destination ## Get the lnk we want to use as a template
@@ -106,11 +102,11 @@ Rename-Item -Path $destination -NewName "Qlik Sense Hub.lnk"
####
Write-Log "--- New Certs: CurrentUser\My"
Write-Log "New Certs: CurrentUser\My"
Get-ChildItem cert:"CurrentUser\My"
Write-Log "--- New Certs: LocalMachine\My"
Write-Log "New Certs: LocalMachine\My"
Get-ChildItem cert:"LocalMachine\My"
Write-Log "--- New Certs: LocalMachine\Root"
Write-Log "New Certs: LocalMachine\Root"
Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
@@ -118,18 +114,17 @@ if ($NewCerts) {
if ( $ModuleName -ne "vm-qs" ) {
Start-Sleep -s 20
Write-Log "--- Recovering Qlik Sense users"
Write-Log "Recovering Qlik Sense users"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c $PSScriptRoot\qs-reset-users.bat'"
Restart-Service QlikSenseRepositoryService -Force
}
Write-Log "===== Boostrap Qlik Sense completed!! ======"
Write-Log "Boostrap Qlik Sense completed!!"
# May 2021 needs a new restart of QlikSenseServiceDispatcher
Restart-Service QlikSenseServiceDispatcher -Force
} else {
Write-Error "==== Error Bootstraping Qlik Sense ====="
Write-Error "Error Bootstraping Qlik Sense"
throw "Error Bootstraping Qlik Sense"
}

0
vm-qs/scripts-qdc/gen-jwt.ps1 → vm-qs/scripts/gen-jwt.ps1
View File

0
vm-qs/scripts-qdc/jwt-generator.zip → vm-qs/scripts/jwt-generator.zip
View File

0
vm-qs/scripts-qdc/Categories.qvd → vm-qs/scripts/qdc/Categories.qvd
View File

0
vm-qs/scripts-qdc/Employees.qvd → vm-qs/scripts/qdc/Employees.qvd
View File

0
vm-qs/scripts-qdc/FullRecords.csv → vm-qs/scripts/qdc/FullRecords.csv
View File

Can't render this file because it is too large.

0
vm-qs/scripts-qdc/Offices.qvd → vm-qs/scripts/qdc/Offices.qvd
View File

0
vm-qs/scripts-qdc/Products.qvd → vm-qs/scripts/qdc/Products.qvd
View File

0
vm-qs/scripts-qdc/Restart-ServiceDispatcher.ps1 → vm-qs/scripts/qdc/Restart-ServiceDispatcher.ps1
View File

0
vm-qs/scripts-qdc/Sales_Data.qvd → vm-qs/scripts/qdc/Sales_Data.qvd
View File

0
vm-qs/scripts-qdc/Suppliers.qvd → vm-qs/scripts/qdc/Suppliers.qvd
View File

0
vm-qs/scripts-qdc/Territories.qvd → vm-qs/scripts/qdc/Territories.qvd
View File

0
vm-qs/scripts-qdc/qdc-scenario-config.ps1 → vm-qs/scripts/qdc/qdc-scenario-config.ps1
View File

0
vm-qs/scripts-qdc/qdc-setup-sept20.ps1 → vm-qs/scripts/qdc/qdc-setup-sept20.ps1
View File

0
vm-qs/scripts-qdc/qdc-setup.ps1 → vm-qs/scripts/qdc/qdc-setup.ps1
View File

7
vm-qs/scripts/qs-post-cfg.ps1
View File

@@ -243,13 +243,6 @@ restartQse
### Install qlik-poc_com certificate
Write-Log -Message "Install qmi_qlik-poc_com certificate on Windows"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "C:\provision\wildcard_qmi_qlik-poc_com.pfx")
write-log -Message "Cert password is: $CertPwd"
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd

227
vm-qs/scripts/webconnectors/deploy.config Normal file
View File

@@ -0,0 +1,227 @@
<Deploy>
<!--
You will need to restart Qlik Web Connectors if you make changes to this file.
-->
<!--
*************************************************************************
Settings between these lines are supported in current version.
-->
<Port>5555</Port>
<Authentication>
<!--
Set to
None
This will run Qlik Web Connectors without any concept of users or access tokens, which have been
introduced in the new web version to support users accessing the application from separate machines.
This is the quickest and easiest way to get up and running and if used in conjunction with
AllowRemoteAccess set to false is a straight swap in replacement for the WinForms edition.
or
FormsAuthentication
Use this value if you would like users to sign in to Qlik Web Connectors from other machines and be able to
generate load scripts which are secured with an access token and whitelisted IP addresses.
-->
<Type>None</Type>
<FormsAuthentication>
<CryptographyConfiguration>
<!--
These values are used when encrypting the authentication cookies used for maintaining
a users logged in status with Forms authentication.
-->
<RijndaelEncryptionProvider_Passphrase>SuperSecretPass123</RijndaelEncryptionProvider_Passphrase>
<DefaultHmacProvider_Passphrase>UberSuperSecure123</DefaultHmacProvider_Passphrase>
</CryptographyConfiguration>
<!--
The PasswordChecker element should contain one of the following. SaltedPBKDF2SHA1PasswordChecker
is recommended as it is the most secure. Setting the EnableUserManagement element to true and
using the inbuilt UI to manage users is also recommended.
PlainTextPasswordChecker - User XML element should contain a Password element containing plain text password.
SHA512PasswordChecker - User XML element should contain a PasswordHash element containing UTF8 SHA512 base 64 encoded password hash.
SaltedPBKDF2SHA1PasswordChecker - Uses a salted hash (RECOMMENDED).
-->
<PasswordChecker>PlainTextPasswordChecker</PasswordChecker>
</FormsAuthentication>
</Authentication>
<Proxy>
<UseProxy>false</UseProxy>
<ProxyAddress></ProxyAddress>
<ProxyUsername></ProxyUsername>
<ProxyDomain></ProxyDomain>
<ProxyPassword></ProxyPassword>
</Proxy>
<!--
Whether to allow access from remote machines (i.e. non localhost).
-->
<AllowRemoteAccess>true</AllowRemoteAccess>
<!--
******************************************************************************************************
********** This replaces the <AllowConnectorsFileSystemAccess> element in previous versions **********
******************************************************************************************************
Some connectors can read/write to disk, this element lets you whitelist which paths the connectors are permitted to access.
Notes:
* Multiple paths should be delimited with a semicolon (;).
* If you want to white list ALL paths use a *
* This setting applies across all connectors.
* The account running the connector exe must also have permission to access any file in question.
* Leaving it empty is equivalent to denying the connectors file system access.
Some Examples:
<FileSystemAccessAllowedPaths>c:\QWC\TempFiles;c:\SomeOtherDirectory</FileSystemAccessAllowedPaths>
<FileSystemAccessAllowedPaths>c:\</FileSystemAccessAllowedPaths>
<FileSystemAccessAllowedPaths>*</FileSystemAccessAllowedPaths>
-->
<FileSystemAccessAllowedPaths></FileSystemAccessAllowedPaths>
<ConnectorConfig>
<!-- Some connectors have connector specific configuration options which are managed here -->
<Connector>
<WebConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</WebConnector>
<SugarCRMConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</SugarCRMConnector>
<TextAnalyser_RepustateConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</TextAnalyser_RepustateConnector>
<MSCRMConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MSCRMConnector>
<MSCRMConnectorV2>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MSCRMConnectorV2>
<ODataConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</ODataConnector>
<JIRAConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</JIRAConnector>
<SMTPConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</SMTPConnector>
<MailboxIMAPConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MailboxIMAPConnector>
<MailboxPOP3Connector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MailboxPOP3Connector>
</Connector>
</ConnectorConfig>
<!-- Valid values: Off, Error, Warn, Info, Trace - We would recommend you have at least Error set. -->
<LoggingLevel>Info</LoggingLevel>
<!-- This shows the user management API and enables the API which supports it. -->
<EnableUserManagement>true</EnableUserManagement>
<!--
This is the name used in the generated load script.
This is set automatically to localhost or machine name depending on your
other settings but you can also override it here (if AllowRemoteAccess is set
to true).
-->
<HostnameOverride></HostnameOverride>
<!--
Default allowed IP addresses for new users.
From most to least secure:
<empty>
<comma separated list of ip addresses>
{current_ip_address}
any
-->
<DefaultAllowedIpAddresses></DefaultAllowedIpAddresses>
<RequireSSL>false</RequireSSL>
<!--
Settings between these lines are supported in current version.
*************************************************************************
-->
<!--
*************************************************************************
We would not recommend editing the following settings at present.
-->
<Theme>default</Theme>
<CompressHTTP>true</CompressHTTP>
<!--
Comma separated List of Connector IDs to be excluded from this deployment.
They will be shown in the connector list but if you try to use them an error will occur.
-->
<DisabledConnectors></DisabledConnectors>
<!--
Set this to limit the maximum number of rows which will be generated for a request in
the UI. This can help improve performance. Note at present you may still get more rows
than this but this system will attempt to cancel any more API requests after this
threshold is reached.
Set to 0 to ignore this.
-->
<MaxRowsInUI>5000</MaxRowsInUI>
<Providers>
<!--
Only used for forms auth.
-->
<FormsUsers provider="FileBasedFormsUsersProvider" config="{app_root}/logins.xml"></FormsUsers>
<!--
User specific data, for both connector configuration and global
Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ISettingsStorer
Which takes a config string in the constructor.
-->
<UserSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/UserSettings.xml"></UserSettings>
<!--
Connector settings for a specific user.
-->
<ConnectorSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/ConnectorSettings.xml"></ConnectorSettings>
<!--
User specific log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<UserLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs"></UserLogs>
<!--
System wide log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<GlobalLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/Logs"></GlobalLogs>
<!--
User specific API call logger.
-->
<UserAPICallLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs/APICalls"></UserAPICallLogs>
<!--
User specific cached data Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ICache
Which takes a config string in the constructor.
-->
<Cache provider="FileBasedCacheProvider" config="{app_root}/App_Data/{user_id}/{connector_id}_Cache/"></Cache>
</Providers>
</Deploy>

Some files were not shown because too many files have changed in this diff Show More